<< Back to Script Library
Enable requirements for Logon Duration Analysis
This script is designed to enhance the login measurements in a computer using auditpol, wevutil and reg commands and complete the requisites for the Analyze Logon Duration Script.
It will additionally increase the size of the Group Policy and Print Service Event logs to retain the information for a couple of hours after login.
Important note: This script modifies the audit policies on a computer and should be used with caution. If in doubt consult with your IT Security team.
It will additionally increase the size of the Group Policy and Print Service Event logs to retain the information for a couple of hours after login.
Important note: This script modifies the audit policies on a computer and should be used with caution. If in doubt consult with your IT Security team.
Version: 2.1.5
Created: 2019-05-01
Modified: 2020-07-19
Creator: Marcel Calef
Downloads: 655
Tags: ALD auditpol logon duration
Created: 2019-05-01
Modified: 2020-07-19
Creator: Marcel Calef
Downloads: 655
Tags: ALD auditpol logon duration
The Script
Copy Script
Copied to clipboard
:: NAME: Enable requirements for Logon Duration Analysis
:: This script is designed to enhance the login measurements in a computer using auditpol,
:: wevutil and reg commands and complete the requisites for the Analyze Logon Duration Script.
:: It will additionally increase the size of the Group Policy and Print Service Event logs
:: to retain the information for a couple of hours after login.
:: Important note: This script modifies the audit policies on a computer and should be used with caution.
:: If in doubt consult with your IT Security team.
::
:: CREDIT: Guy Leech, Trentent Tye
:: PUBLISHED BY: Marcel Calef
:: Enable Command Line Auditing
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Audit" /v ProcessCreationIncludeCmdLine_Enabled /d 0x1 /f
:: Enable Print Service logging, no retention, size 50MB
wevtutil sl Microsoft-Windows-PrintService/Operational /ms:52428800 /rt:false /ab:false /e
:: Enable Group Policy logging, no retention, size 50MB
wevtutil sl Microsoft-Windows-GroupPolicy/Operational /ms:52428800 /rt:false /ab:false /e
:: Enable Process Termination audit policy
Auditpol /set /subcategory:"Process Termination" /success:enable
:: Enable Process Creation audit policy
Auditpol /set /subcategory:"Process Creation" /success:enable
:: Enable Logon Audit policy
Auditpol /set /subcategory:"Logon" /success:enable
EN 
DE